Businesses have been quick to embrace mobile devices, cloud computing, and social networking. But information security professionals report that they're now in a state of constantly having to play catch-up, both in obtaining the know-how needed to secure these new technologies and in actually keeping them secure enough for business use.
That finding comes from a new study from market researcher Frost & Sullivan, sponsored by the International Information Systems Security Certification Consortium, or (ISC)2. The study is based on a Frost & Sullivan survey of 10,413 information security professionals from around the world. Of the respondents, 72% were (ISC)2 members.
"In the modern organization, end users are dictating IT priorities by bringing technology to the enterprise, rather than the other way around," said Robert Ayoub, global program director of network security for Frost & Sullivan, in a statement. "Pressure to secure too much, and the resulting skills gap, are creating risk for organizations worldwide."
For example, 70% of surveyed information security professionals said that they need better skills for securing clouds. At the same time, more than half of organizations already have private clouds in place, and more than 40% of security professionals themselves now use software-as-a-service applications.
To address the skills gap, many security professionals are regularly turning to training and education. According to the survey, the top areas that information professionals expect to receive training in over the next year are risk management (for 47%) and application and system development security (41%). The latter is notable since, according to the survey, respondents ranked application vulnerabilities as the biggest threat to their organizations. On a related note, 20% of information security professionals now report they're involved in secure software development.
Meanwhile, other training and education priorities for the upcoming year include forensics (39%), end-user security awareness (39%), security architecture and models (38%), access-control systems and methodology (38%), security management practices (37%), and business continuity and disaster recovery planning (34%).
Despite the skills gap, the survey found that the security field is largely in good health. Three out of five information security practitioners saw their salary increase in 2010, and most firms plan to increase their information security spending. For 2010, Frost & Sullivan estimates that there are 2.28 million information security professionals worldwide, and expects that figure to nearly double by 2015, to almost 4.2 million jobs.